Skip to content
{{ message }}

Instantly share code, notes, and snippets.

🍊
Something

# Aleksei hellman

🍊
Something
Last active Jan 12, 2021
RWCTF 3rd - Crypto - Old Curse solve script
View sol.sage
 from Crypto.Util.number import * PR.=PolynomialRing(ZZ) def calc_params(e,N): delta = 0.1 gama = 0.05 beta = log(e,N).n() alpha = 0.25 return alpha,beta,delta,gama
Last active Oct 19, 2020
SECCON 2020 Online CTF sharsable author writeup
View sharsable.sage
 # Overview # This challenge is based on May's version of Wiener's Attack # (https://www.math.uni-frankfurt.de/~dmst/teaching/WS2015/Vorlesung/Alex.May.pdf) # But the attack can't be apply to the challenge because it has 2 exponents, # so you have to extend the method of May. # After LLL, choose 2 shortest vectors and reconstruct polynomial. # then pick coefficients and decrypt ciphertext import json from binascii import unhexlify
Last active Sep 27, 2020
Official solution for "Shoplifters" of 0CTF/TCTF 2020 Finals
View solve.c
 /* gcc -m64 -nostdlib -Os -mrtm -fno-toplevel-reorder -static -Wno-multichar solve.c -o solve.elf objcopy -Obinary -j .text solve.elf solve.bin Reference https://github.com/Alberts-Coffee-Hours/Mastik/blob/master/src/l1.c, https://github.com/vusec/ridl/blob/master/exploits/shadow/leak.c and https://github.com/oranav/ctf-writeups/blob/master/gctf19/RIDL/solve.c */ #include #include
Created Jun 2, 2020
RCTF2020 Crypto solution
View MultipleMultiply.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Last active Dec 1, 2019
CTFZone 2019 Quals - NTRU (Crypto - Hard)
View ctfzone2019_ntru_active_attack.py
 #!/usr/bin/python3 """ The decryption looks like this: (f * ctpol) % q * inverse(f, mod 3) % 3 Note that; - (f) is a "small" polynomial (61 values 1 and -1, others are zero). - (% q) is done to [-63; 64] If (f*ctpol) does not wrap over q
Created Nov 6, 2019
Multivariate Coppersmith method
View solver.sage
 class IIter: def __init__(self, m, n): self.m = m self.n = n self.arr = [0 for _ in range(n)] self.sum = 0 self.stop = False def __iter__(self): return self
Last active Oct 11, 2019
Balsn CTF 2019 - pyshv1,2,3 (misc)
View 0_challenge_sol.md

# pyshv1 (572)

The challenge contains two modules:

```# File: securePickle.py

import pickle, io

whitelist = []```
Last active Sep 2, 2019
TokyoWesterns CTF 2019 - happy! Solver & simple writeup
View solve.rb
 require_relative './happy' # rename happy -> happy.rb q = 180754955592872777770305021165949447837520820408608437544593001477325680227199967219036800612237524673886247520794601572290402702594122131782305474875236404413820478308317235725623037177247985490515533618988964977186476558003216903 p = 166878663790065040663149504970052368124427462024107500159158464138407657299730521908976684364578086644682045134207945137293534705688910696520830729908263578233018529387676221035298300775812585471932551347478303730822844748034186479 k = 2 e = 65537 d1 = e.pow((p - 1) / 2 - 2, (p - 1)) d2 = e.pow(((q - 1) / 2 - 1) * (q - 1) * (k > 1 ? q ** (k - 2) : 1) - 1, q ** (k - 1) * (q - 1)) cf = p.pow(q ** (k - 1) * (q - 1) - 1, q ** k) key = Key.new({
Created Apr 7, 2019
fastcoll patch for md5suffix
View fastcoll.patch
 diff --git a/block0.cpp b/block0.cpp index ad99358..e92eb04 100644 --- a/block0.cpp +++ b/block0.cpp @@ -83,11 +83,18 @@ void find_block0(uint32 block[], const uint32 IV[]) Q[Qoff + 16] = (xrng64() & 0x1ffdffff) | 0xa0000000 | (~Q[Qoff + 15] & 0x40020000); MD5_REVERSE_STEP(0, 0xd76aa478, 7); + if (!ok_uint32(block[0])) continue; MD5_REVERSE_STEP(6, 0xa8304613, 17);
Created Jun 25, 2018
Affine Equivalence Classes of 4-bit S-boxes
View sboxes_4bit_ae_classes.py
 from sage.crypto.sbox import SBox # List taken from De Canniere's PhD Thesis # Available at http://blog.sciencenet.cn/upload/blog/file/2009/3/20093320521938772.pdf representatives = [ SBox([0x4, 0x0, 0x1, 0xF, 0x2, 0xB, 0x6, 0x7, 0x3, 0x9, 0xA, 0x5, 0xC, 0xD, 0xE, 0x8]), SBox([0x8, 0x0, 0x1, 0xC, 0x2, 0x5, 0x6, 0x9, 0x4, 0x3, 0xA, 0xB, 0x7, 0xD, 0xE, 0xF]), SBox([0x8, 0x0, 0x1, 0xC, 0xF, 0x5, 0x6, 0x7, 0x4, 0x3, 0xA, 0xB, 0x9, 0xD, 0xE, 0x2]), SBox([0x2, 0x0, 0x1, 0x8, 0x3, 0xD, 0x6, 0x7, 0x4, 0x9, 0xA, 0x5, 0xC, 0xB, 0xE, 0xF]),